2013-06-23

Can "they" see what I am doing?

Can "they" snoop on my https (secure web traffic) ?

For many of us the details of how encryption works is a little over our heads. Whilst I understand the principles pretty well, some of the maths is still just out of my grasp. i.e. I know I have understood it several times when explained to me, and lost it a day later. It is strange being able to pinpoint one's limits quite so precisely...

So, I thought I'd try and tackle the tricky question I am sometimes asked, especially with the concerns over PRISM and GCHQ monitoring fibres and so on. If I am using https, can someone snoop on that? Can "they" see what I am doing?

The basic answer is no, but there are some caveats that are worth covering.

The concept of https is that you create a transport layer security link to carry your communications in a secure way. The whole concept of this is to stop anyone snooping.

End points see all

The first thing to be very aware of is that the two ends of the link see everything. This means that on your computer the communications are in the clear, and at the far end web server. This stands to reason, but is worth thinking more about.

For a start, this means that your communications may be logged on files on your computer. Importantly, if you have any sort of virus or spyware on your computer, that may have access to the communications. For the real paranoid, it means that the people that created your operating system, device drivers, possibly even hardware, could have planted ways to get at that data.

In practice, I suspect the biggest risk is some sort of virus on your machine. Keep the machine clean and you are fine. That said, why would a virus want to track you. Maybe it is a virus planted by "them"? I am sure if you are a "person of interest" then that is possible, but most of us are concerned about the general collection of everything we are doing rather than being specifically targeted.

Even so, do not forget that the web server sees all. You have to trust them. This means for things like social network sites, you may be using https to them but they see all, and could be telling "them" all. Do you trust the web site operator?

End points are trackable

The way https works is that the traffic still goes between you and the server. The hidden data is what is sent and received, not the addresses. So, any level of snooping on an Internet link can tell what servers you connect to. A server could have many web sites, so this may not be a big clue in itself, but see below on DNS...

DNS tells a lot

Before contacting a server, even by https, you need to do a DNS lookup. This gets the IP for the server. If someone can log the DNS requests then they have a lot of clues about what web sites you are accessing, by name. This is more detail than simply the IP address, as above.

Diverting DNS used to be something that was vaguely possible by some clever attacks on ISP DNS servers. It was used mainly to try and target on-line banking. These tricks can be detected, and DNSSEC is already being deployed to stop that. Though, "they" may have access to DNS root signing certificates. This can be detected so any systematic tricks like this will be "outed" quickly.

Passive monitoring

There are two types of snooping to consider. What has been discussed in the press is passive snooping. This means obtaining a copy of the data as it passes by. It is called interception by the RIP Act. Legalities aside, passive monitoring cannot see what is going on with a transport layer security connection. I.e. they cannot see what is happening on an https connection.

Part of the reason for this is the initial key exchange done as part of the transport layer security. This is done in a way that means only the two ends can tell what the keys actually are.

There is, however, talk of "them" having root certificates. This is very likely to be true, and it allows active monitoring. But it does not help with passive monitoring.

Active monitoring

The rather more tricky way of snooping it active. This means that you are able not just to monitor things as they pass, but divert the traffic and change it on the way. This could mean actually diverting traffic, or simply diverting DNS in a way that means you think you are talking to some other server than you think you are.

If you have access to a root certificate it is possible to fake the signing and authentication that is used by a web server to convince you and your web browser that it is legit. Having done that, they can then connect to the real web server, pretending to be you. In between they can monitor the communications.

If they are very clever, they can do this without even making the IP addresses look wrong.

The trick with this type of monitoring is that it can be detected. It could be used for a specific "person of interest", and hope they do not notice, and have the legal orders to back it up if they do. It could not be done on a mass scale to monitor everyone - someone would notice. We are lucky that there are enough people "out there" that can see both ends of an https link and spot if the ends do not tie up.

Assuming the maths is good

We are making an assumption - that the maths is good. We can be pretty sure this is the case simply because of the sheer number of people that know the maths far better than I do. There is always a risk that someone finds a quick algorithm to crack factorisation, or one of the other basic "hard sums" that are involved, and there may be a small window of time where that trick is known to "them" and not public, but it is pretty unlikely to last long. We pretty much have to assume the maths is good.

The maths always has limits, and there are choices of algorithms. It is possible that what we consider secure today is not so much in 10 years. What we communicate now could be recorded and cracked with enough effort, maybe. All security has to be considered in terms of time and effort and not absolutes. But again, you are talking of the difference between trawling everything and searching for stuff, or "person of interest". At present we have no reason to think the encryption normally used on https can be cracked within years of concentrated effort, so pretty safe.

Conclusion

Basically, there is no way to tap in to what is sent and received on an https link, in the middle (without access to either end), in a way that cannot be detected.

Why worry? The best quote I have seen so far is: If you're doing nothing wrong, you have nothing to hide from the giant surveillance apparatus the government's been hiding.

The government's best interest is to keep us using plaintext for everything. Then it's easy for them. As soon as they're visibly snooping they've lost the game.. we'll all switch to encrypted communications and suddenly it's a *lot* harder to work out what's going on.

With that in mind.. I can't help thinking that the spooks don't like what the government keeps trying to do either.

I have always been concerned about the prejudice against self-signed certificates from browsers and operating systems. The idea of using a selection of external entities to guarantee the security of communications just seems completely bizarre. Who am I more likely to trust to keep a key secure, a faceless organisation like Verisign (who buckle under the slightest pressure at handing over domain names to US government agencies) or... me?

Yes I know that in a corporate environment you can deploy your own root self-signed SSL certs reasonably easily but there's such a huge variety of devices and platforms in businesses these days that it's pretty much a nightmare.

To me it's always felt like there's a reason you're forced to use commercial certs from a relatively small cabal of certification authorities. Keep the root of all trust in the hands of a chosen few.

I suppose I'm thinking of this from the server operator's side of things. The user however, who should they trust? Me or a mega-corporate brand like Verisign? How do they know the cert they're using is legitimately from the server operator anyway? Well how about giving self-signed SSL certs a pass through the browser if there's a TXT record for the host containing the cert serial number AND the zone file has DNSSEC enabled?Is there a reason that that's a bad idea?

Chrome already has support for this: https://www.imperialviolet.org/2011/06/16/dnssecchrome.html

There are also things like HSTS and Pinning, which let you say "Always connect over TLS" and "For the next week absolutely do not allow connections with a different certificate" (for the latter case, browsers _must_not_ and don't have a bypass button

Corporate-deployed SSL roots actually allow the corporate to transparently MITM your SSL traffic at their proxy. It's rather nasty. There are a number of other attacks against https such as BEAST and CRIME which, like most crypto cracks, rely on implementation errors rather than flaws in the underlying maths.

SSL has had some rather nasty holes over its time. In the end, the holes turn out to be small (but not inconsiderable) as it relies on the attacker being able to intercept the communication in the first place which almost always requires access to one of the endpoints. If you have that then there are easier ways to get at the plaintext. To otherwise get access to the communication you need to be an ISP or have a successful attack on another part of the infrastructure such as DNS (of which there have been many).

Security works in layers and it's only as strong as the weakest part. Often just asking users for their details is sufficient to steal their things.

I'm starting to wonder if SSL and AES can be considered secure.Governments may have got the CA keys from signers, or they may simply force them to sign their own certificate that says aa.net.uk for example. If you can't absolutely trust the CA then the whole thing is entirely useless as you have no idea what server is really on the other end. Also AES was strongly pushed by a certain organisation that have now been shown to be recording everything we do. Would they really be pushing a secure encryption standard they can't break?

I'm pretty sure I'm just being paranoid, but not nearly as sure as I would have been a month ago.

I'm even starting to wonder about all the pressure you get to not implement your own encryption standard because you'll get it wrong, and starting to wonder if in fact the real reason is that you might get it right.

In my experience it's not obvious which security paths to pursue when either your requirements and attack model are unclear or your risk assessment is incomplete.

Most of the encryption technology deployed on The Internet is modeled on threats from other commercial or private entities who want to steal money from their victims. They are not designed or intended to protect you from your government and they're not really designed to protect your intellectual property or privacy. Indeed, your government can legally do such things as freeze your assets or compel you to reveal your encryption keys so no amount of tech can "protect" you from "them".

One thing that has begun making the major headlines in recent years is the threat posed by foreign governments. Until recently the rhetoric was not based around "individuals vs foreign governments" but more around "governments vs governments" and "megacorps vs foreign governments". The PRISM scandal starts to highlight possible attack vectors against specific individuals. Many people believe that it is infeasible to pick out people who are not already known to be interesting from the vast quantities of noisy data. However, statistical methods have been known for decades and the computing power to calculate them has become available in the last 20 years.

Everything I write here is just my honest opinion and not a statement by my employer, etc, you get the idea. If you find any words or pictures menacing or offensive, or likely to impair your computer, or alarming or distressing, stop reading now and don't come back (and don't forget to block me on social media too). Nothing here is legal advice. Everything on this blog is without prejudice, just in case. Comments are moderated so do not appear instantly. You take responsibility for any comments you post. Always bookmark www.me.uk as I may change the URL blogger sees.

And please, if you don't like what I post, say so - comment - discuss...